[unisog] Anyone have a citation for an academic research study on whether mandatory password changes increase security?

Stephen John Smoogen smooge at unm.edu
Mon May 7 17:00:06 GMT 2007


H. Morrow Long wrote:
> Anyone have a citation for an academic research study on whether
> mandatory password expiration and changes increase security?
> 

None that I could find. This is probably due to the fact that
expiration, change rules and such are psychology and not usually the
purview of CS.

In the end, a systems security is only as good as its users. If users do
not take security seriously... no matter how many technical
countermeasures.. you will end up with crap. I think a good place for
academic research papers would be to find social papers on decay of
various neighborhood/societies. It would also be a good reference on
what policy changes work do and do not work.





-- 
Stephen Smoogen -- ITS/Linux Administrator
  MSC02 1520 1 University of New Mexico Albuquerque, NM  87131-0001
  Phone: (505) 277-7343  Email: smooge at unm.edu
 How far that little candle throws his beams! So shines a good deed
 in a naughty world. = Shakespeare. "The Merchant of Venice"


More information about the unisog mailing list